The personal information and credit card details of 35
million Steam account holders may have been compromised following an attack by
A security breach of the Steam discussion forums led to an
investigation by the service’s owner Valve, which then uncovered the intrusion
into the user database on 6 November last.
The attackers used login details from the forum hack to then
access the database which contained user names, hashed and salted passwords,
game purchases, email addresses, billing addresses and encrypted credit card
Steam, a video game download service, which currently has 35
million users, shut down the forums once the attack was detected, initially
saying it was for maintenance.
However a statement by Valve boss, Gabe Newell, posted on
the site last night, confirmed the extent of the attack. He also said that
despite credit card and account information being compromised there was no
evidence so far that it was being misused.
“We do not have evidence that encrypted credit card numbers
or personally identifying information were taken by the intruders, or that the
protection on credit card numbers or passwords was cracked. We are still
investigating,” Newell said.
Newell did however warn users to keep an eye on their credit
card account for any strange activity.
While only a few forum member accounts are known to have
been hacked, all members will be required to change their password when they
try and login in again. However as the company doesn’t know of any Steam
accounts being compromised, it won’t be forcing a password change there.
The forums are still out of action on the Steam site, but
Valve has said it is woking on getting them back up and running as soon as